Embed Size (px)
Citation preview
Practical exercises of Computer Security
Laboratory for the class “Computer system security” (02KRQ)Politecnico di Torino – AY 2017/18
Prof. Antonio Lioy
prepared by:Diana Berbecaru ([email protected])
v. 1.4 (4/10/2017)
1 Working environment in laboratory
The laboratory exercises use the Linux Live distribution Kali, version 2017.1. We have created a “custom”ISO image of this Linux distribution needed to complete the exercises proposed in the laboratories. Potentialproblems due to driver incompatibilities of your own PC or network configuration at your place are not coveredin this material. We have performed preliminary checks aimed to control that the packages required in thelaboratories are present so that you would not have to download them during the laboratory (with few exceptionsthat are mentioned in the text) avoiding thus to unnecessarily overload the network during laboratory.
Moreover, we have reduced the ISO size and we have adopted XFCE (as unique Desktop Environment) so thatto minimize the system requirements, considering that not all the PCs in the laboratory are recent and/or havehigh performances.
The ISO Live image of Kali can be selected directly from the Grub menu of the PCs in LabInf. The usernameand the password required to load the Live distribution are the following:
username: securitypassword: 03GSD02KRQ
At the boot of Kali you should see a menu similar to the one shown in Figure 1.
Choose “Live (forensic mode)” to start up the operating system.
At login, authenticate yourself with username root and password toor.
At the end of the boot, Kali 2017.1 should have already configured correctly the network (since the DHCPfacility is present in the lab).
The graphical X server should start up automatically and the working environment will look like in Figure 2.
Useful commands
We remind you some useful Linux commands required throughout the exercises. Note that the square brackets(i.e. [ and ]) indicate something optional, the angle brackets (i.e. < and >) indicate a choice, the words in Italicneed to be replaced with specific data required by the command.
• To configure the keyboard in console mode, you can use the command:
loadkeys language
1
while in graphical mode you can use:
setxkbmap language
where language can be it for the italian keyboard (which is the most frequent option both in laboratoryand at home) or us for the american keyboard (the default option).
• to create a new user:
adduser username
• to change user, in particular to become root (if you do not specify username it is assumed root):
su [-] [ username ]
Figure 1: Initial menu of Kali 2017.1.
Figure 2: Kali working environment.
2
• to obtain more information of the use of a command/program:
man program name
• to start/stop/restart services:
systemctl {status start restart stop enable } servicename
or
service servicename { start | stop | restart }
or
/etc/init.d/servicename { start | stop | restart }
• to view the network configuration of your machine (IP address, netmask, . . . ) with net-tools:
ifconfig
or by using the ip command:
ip addr show
• to configure the network intreface manually, to set the IP address with net-tools:
ifconfig interface IP netmask network netmaskroute add default gw IP defaultGW
or by using the ip command:
ip addr add IP/netmask CIDR dev interfaceip route add default via IP defaultGW
• to add a static route with net-tools:
route add -net IP destination network netmask network netmask gw IP gateway
or by using the ip command:
ip route add IP destination route via IP gateway dev interface
• to set a DNS server, add a line in the file resolv.conf of type
nameserver IP nameserver
Further options are available with the command man resolv.conf
• to install a program starting from the name of the package:
3
apt-get install package name
If the screen locks and you need to unlock it as “root” user, you can use the password “toor”.
2 Setting up the laboratory environment at home
The exercises proposed in the laboratories will require you to use at most three PCs at the same time, withthe exception of the laboratory on IPsec, when you will be required to use four PCs at the same time. In thefollowing sections we will describe how you can create at home a working environment very similar to the oneused in the laboratory.
2.1 Use of a virtualised environment
You can use virtualisation to run in parallel one or more copies of Kali on a unique physical machine. Kalireleases also Virtual Machines (VM) that are ready to run in VMWare and VirtualBox virtual environments, inaddition to the various ISO versions 1.
There exist two types of Kali VM (corresponding to the versions of Kali distributions):
• Kali Full, of rather big size (about 3.1 GB), which contains the most important security tools and useGnome as Desktop Environment;
• Kali Light, of reduced size (about 0.85 GB), which contains the essential security tools and use XFCE asDesktop Environment.
For the practical laboratories of this course, it is sufficient to use Kali Light. However, if you have enoughcomputational resources, we advise you to use Kali Full, which includes various security attack and analysistools that you might be interested in. Note: Pay attention to use always use them in accordance to the Law.
The configuration that we suggest (the one that we typically use to test the practical exercises with virtualisationon our own PCs) includes:
• a main (virtual) machine, which uses Kali Full, that will allow you to have a rich Desktop Environmentand many security tools at disposal;
• one or more additional (virtual) machines, which run Kali Light. These machines will be used to performthe practical exercises proposed throughout the laboratories with rather reduced computational workload(due to the characteristics of the Light distribution).
Kali Full
Kali Light
Kali Light 2vSwitch
NAT
Internet
Kali Light 3
Figure 3: Network topology to recreate the laboratory environment with NAT Network and three VMs.
1Available at the link https://www.kali.org/downloads/3/
4
We will describe next the instructions to prepare the working enviornment, a virtual Security Lab network,composed of a VM with Kali Full and up to three VMs with Kali Light, as illustrated in Figure 3. We proposeto use Oracle VM VirtualBox, a free virtualisation product available for Linux and Windows platforms. Virtu-alBox is much lighter from the computation point of view with respect to other tools in case it is used a singleVM, but is does not scale well when the number of VMs used is increased (with respect to other commercialproducts). For this reason, managing more than two VMs on a single PC with only 2 GB RAM could becomedifficult because the system might be slow. You should not have usability problems if you have at least 4 GBRAM or more.
The version we refer to in this document is 5.1.28 that you can download from the URLhttps://www.virtualbox.org/wiki/Downloads
The documentation is available at the URL:https://www.virtualbox.org/wiki/Documentation
For the installation take a look at the Chapter 2 of the guide Oracle VM VirtualBox User manual:http://download.virtualbox.org/virtualbox/UserManual.pdf.
For the network configuration take a look at the Chapter 6 of the guide Oracle VM VirtualBox User manual:http://download.virtualbox.org/virtualbox/UserManual.pdf.
NOTE
Alternatively, the other free product is VMware Player. According to the official documentation, VM-ware Player supports at most one VM, in practice this limitation is not applied and you can create morethan one. We have not tested the practical exercises with this product, so we cannot provide support onits use. Other free products are considered not adequate for this course: VMware vSphere Hypervisor istoo much for the exercises proposed, while VMServer is not maintained anymore since 2010. We havenot tested any virtualisation environment for MacOS (students that have used in the past virtualisationenvironment for MacOS have not reported us any problem regarding the practical exercises in this en-vironment). If you have a licence, you can use VMware Workstation (note that we do not suggest thatyou should buy one).
Assuming that you have a running VirtualBox, you can proceed with the installation of the VMs necessary forthe execution of the exercises proposed in the text of the laboratory in the following way:
1. download the VMs from the following link from the Tab “Kali Linux VirtualBox Images” (pay attentionto choose the correct versions on 32 or 64 bits):
https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/
2. import the downloaded VMs in your system. To do so, click on “File” then on “Import appliance”. Itwill appear a window that will allow you to choose the file corresponding to the downloaded VM (e.g.kali-linux-2017.2-vbox-amd64.ova for Kali Full and kali-linux-light-2017.2-vbox-amd64.ovafor Kali Light). After you have chosen the downloaded file, it should appear a window that illustratesthe main characteristics of the imported VMs, no matter if you have imported Kali Full or Kali Light. Atthe left of the VirtualBox window there will appear two new VMs as illustrated in Figure 4. By pressingright click on the name of the VMs and then on “Settings” you can change the resources associated to theVMs that you have just created. We advise you to allocate at least 512 MB RAM to the Kali Light (afterimporting it’s 1 GB) and at least 1 GB for the VMs with Kali Full (after importing it’s 2 GB). Note thatone of the exercises proposed in laboratory 1 could require at least 6 GB RAM.
3. you can delete the images downloaded from the Kali Linux website, if you don’t need them anymore.
4. create a new “NAT Network”. To do so, click on “File” then on “Preferences...”. From the Tab “Network”create a new “NAT Network” by clicking on the icon “Add New NAT Network”. In the list it will appear anew line “NATNetwork”. Subsequently, right click on “Edit NAT Network”, rename it “SecurityLabNet-work”, and check whether it is enabled the support for DHCP and choose a range of IP addresses (if it is
5
Figure 4: VirtualBox after you have imported the two VMs.
the first one that you create, the range 10.0.2.0/24 should be fine). You should see windows as illustratedin Figure 5.
Figure 5: Configuration of a NAT Network with VirtualBox.
5. connect the VMs imported in the “SecurityLabNetwork”. For both VMs, right click on the name of theVM, choose “Preferences...” then click on TAB “Network”. In the Tab “Adapter 1”, change the option“Attached to:” from NAT to NAT Network, verify that in the field “Name” (that have just appeared) it isalso present “SecurityLabNetwork”.
No matter if you use the Full or Light distribution, you have to check that the following packages have beeninstalled (use apt-get to verify and install the missing packages):
• vsftpd
• hexedit
• strongswan
• strongswan-ikev1
• ipsec-tools
• dkms
6
• lynx
• alien
• nsis
• net-tools (optional)
For the execution of the exercises, you will need additional VMs. For this purpose, we advise you to clone theVMs you have just created because they have the network configuration and the correct packages installed. Todo so, right click on the name of the VM to clone, which should be switched off (we advise you to clone theLight versions). Then choose “Clone...”, select the name to be given to the new clone (e.g. KaliLight 2 and3) and select the option “Linked Clone” — (that will allow you to save space on disk, reduce RAM usage andwill allow you to increment the performance by using the advanced options of VirtualBox), as illustrated inFigure 6.
Figure 6: Window used to clone the VMs in VirtualBox.
After you have clicked on the button “Clone”, it will appear a new VM and to the original VM it will be addedthe text “Linked Base for KaliLight 3” (see Figure 7).
Figure 7: VirtualBox window after the preparation of the virtual laboratory.
In the laboratories, to the various VMs correspond different “roles” that will be used in the exercises. Forexample, besides Alice and Bob, which are used to indicate the generic user A and the generic user B, we willalso use other names whose initials recall the role they have in the practical exercise (e.g. Carol to indicate the
7
VM of the Certification Authority, Frank for the Firewall). To avoid confusion, we advise you to rename theVM before running the exercises (rename for example Kali1 as Alice, Kali2 as Bob a.s.o.).
Right click on the name of the VM to rename (e.g. KaliLight) and then click on “Settings...”. It will appeara window open on Tab “General > Basic” (as illustrated in Figure 8), where you can change the name bymodifying the text in the field “Name” (e.g. in Alice (KaliLight)). We suggest you also to keep in the name ofthe VM the indication Light or Full to know which version of Kali will be executed.
Figure 8: Window used to rename the VMs in VirtualBox.
2.1.1 Use of physical machines
If you have at disposal three PCs, you can connect them in a network with a switch, as illustrated in Figure 9.This configuration is also possible with the wireless access point, which typically has at least four Ethernetports.
To avoid to install Kali on every machine, you can start ISO Live either from the DVD or from the USB key.We strongly advise you the use of an USB key, which is much faster with respect to a DVD and allows also tosave your data. To prepare a USB Live key you can find usefull instructions in the Section 3. The ISO imagecontaining all the programs necessary for the execution of the exercises proposed is available at the coursewebsite:
http://security.polito.it/˜lioy/sw/kali_2017_1_torsec.iso
The Internet connection is not necessary for the majority of the exercises proposed, but in some cases it willbe necessary to download program updates. In any case, network connection may be helpful if you needaccess online the texts of the laboratory exercises, the additional material that would be required to perform theexercises and/or if you need to search for additional documentation.
LabM1
KaliFull
KaliLightCloneSwitch
ModemRouter
Internet
Figure 9: Network topology to recreate laboratory environment with three physical machines.
In case you do not have a DHCP server that assigns automatically the IP addresses to the machines, you haveto configure them manually (with the commands explained in the Section 1, you can also access the man pageof ifconfig for further details).
8
You can also set up a WiFi network (the ADSL router behaves both as a switch and as a router), but pay attentionbecause some drivers of some wireless network cards have limitations (for the capturing and the insertion ofthe packets) that could compromise the expected behaviour in some exercises (the potential problems will besignaled in the text of the exercises). These limitations are typically rare and can be solved by using a differentversion of the driver or by configuring adequately the network interfaces.
3 Creating a persistent live USB
With Kali, as with all main distributions of Linux live, it is possible to install the ISO image on an USB keyand start it from this device.
Prepare an USB key with Kali Live
Preparing an USB key from which you can start a Live distribution of Kali is quite simple.
In Linux it is enough to recreate bit to bit the content of the ISO Live on the key, for example by using thecommand dd:
dd if=/home/user1/kali 2017 1 torsec.iso of=/dev/sdd
where kali 2017 1 torsec.iso is the image of the Kali distribution, while /dev/sdd is the device on whichit was mapped the USB key.
ATTENTION
The USB key to be used must be empty because this operation destroys its content.
In Windows or Mac, we advise you to download one of the dedicated programs (e.g. Rufus, UNetbootin, ISOto USB, Windows USB/DVD Download Tool) and to execute the instructions of the tool. Even though the toolnotifies you before actually performing any operation, remember that also in this case the operations destroythe content of the USB key.
Finally, for the tools that do not make a copy of the ISO bit to bit similar to the one of the command dd,remember to make the key “bootable” by executing the specific indications of the operating systems.
ATTENTION
Do not (simply) copy the file ISO directly on the key (e.g. with Windows Explorer), it will notwork!
Adding a “persistent” partition on the USB Live key
If you use a USB key (instead of a DVD for example) it is also possible to save the data you create when yourun a live distribution. You can in fact create a “persistent” partition on the USB key on which you can save thedata you create throughout the execution of the proposed exercises.
To do so with Kali, it is necessary to create a new partition formatted with the filesystem ext3, and insertan adequate configuration file in its root. We advise you to create a partition of at least some hundreds ofmegabytes, or to occupy all the space on the key that has not been occupied by the ISO of Kali.
9
Assuming that the key was mapped on the device sdd2, a possible sequence of commands that can be used tomake an USB key persistent is the following one3:
1. open the partition manger and select the device:
partedselect /dev/sdd
2. individuate where it starts the part non allocated on the USB key:
3. create a new partition of size equal to dim (es. 500MB) starting from the beginning of the space that hasnot been allocated:
mkpart primary start part not allocated start part not allocated+dim
4. exit from the partition manger:
quit
5. create a file system on the partition that you have just created (assuming it is /dev/sdd new):
mkfs.ext3 /dev/sdd new
6. label adequately the new partition:
e2label /dev/sdd new persistence
7. create and set the configuration file persistence.conf in the root of the partition that has just beencreated:
mount /dev/sdd new /mnt/usbecho "/ union" > /mnt/usb/persistence.confumount /dev/sdd new
2It is possible to see the list of all devices with the command print devices. to understand on which file was mapped the USBkey
3You can execute these commands by using also the Kali distribution installed on the USB key itself
10
